Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Grafana 8.x - Local File Inclusion" module is designed to detect a local file inclusion vulnerability in Grafana 8.x. Grafana is a popular open-source analytics and monitoring platform used for visualizing time-series data; this module identifies Grafana installations affected by that vulnerability.
This vulnerability has a high severity level, indicating that it can potentially lead to unauthorized access to sensitive files and data.
This module was authored by z0ne, dhiyaneshDk, jeya.seelan, dwisiswant0, and j4vaovo.
Successful exploitation of the local file inclusion vulnerability in Grafana 8.x allows an attacker to read arbitrary files on the server. This can expose sensitive information such as configuration files, credentials, or other data stored on the server.
The module works by sending HTTP requests to the target Grafana server and checking for specific conditions that indicate the presence of the local file inclusion vulnerability.
One example of an HTTP request sent by the module is:
GET /public/plugins/{%pluginSlug%}/../../../../../conf/defaults.ini
This request attempts to access the "defaults.ini" file located in the Grafana installation directory.
The module then applies matching conditions to the response received from the server to determine if the vulnerability is present. The matching conditions include:
- Checking the response body for specific words, such as "socket = /tmp/grafana.sock" and "http_port".
- Verifying that the response status code is 200 (indicating a successful request).
If both matching conditions are met, the module reports the vulnerability.
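The following example, added here and not part of the Vidoc module or Grafana, shows the defender's side of the same logic: it mirrors the module's two matching conditions in a small function and scans web-server access logs for requests that try to escape the /public/plugins/ directory with "..". The log lines are constructed samples, and the two marker strings are the ones quoted above; the path normalization (including URL-decoding) generalizes beyond the single request shown on the page.

```python
import re
import posixpath
from urllib.parse import unquote

# Constructed sample access-log lines (Combined Log Format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET /public/plugins/alertlist/../../../../../conf/defaults.ini HTTP/1.1" 200 12473 "-" "curl/7.79.1"
10.0.0.5 - - [10/Dec/2021:12:00:02 +0000] "GET /public/plugins/alertlist/module.js HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Dec/2021:12:00:03 +0000] "GET /public/plugins/welcome/..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024 "-" "python-requests/2.26"
10.0.0.7 - - [10/Dec/2021:12:00:04 +0000] "GET /api/health HTTP/1.1" 200 60 "-" "kube-probe/1.22"
"""

# Fields we need from a Combined Log Format line: client IP, request path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

PLUGIN_PREFIX = "/public/plugins/"


def response_matches_module(status: int, body: str) -> bool:
    """Mirror of the module's matching conditions as described on the page:
    HTTP 200 and both marker strings from Grafana's defaults.ini in the body."""
    return (
        status == 200
        and "socket = /tmp/grafana.sock" in body
        and "http_port" in body
    )


def is_plugin_traversal(raw_path: str) -> bool:
    """True if a request path under /public/plugins/ escapes that directory via '..'.

    Decodes twice so single- and double-encoded '%2e%2e' and '%2F' are caught,
    then normalizes with posixpath; traversal is confirmed when the normalized
    path no longer starts with the plugin prefix."""
    path = raw_path.split("?", 1)[0]
    if not path.startswith(PLUGIN_PREFIX):
        return False
    decoded = unquote(unquote(path))
    if ".." not in decoded:
        return False
    normalized = posixpath.normpath(decoded)
    return not normalized.startswith(PLUGIN_PREFIX)


def scan_access_log(text: str):
    """Return one dict per log line whose path is a plugin-directory traversal."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        if is_plugin_traversal(m["path"]):
            hits.append({"ip": m["ip"], "path": m["path"], "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(f"traversal attempt from {hit['ip']}: {hit['path']} -> {hit['status']}")
```

A hit with status 200 is the one that matters most for triage: a 200 on a traversal path is what the module's matcher keys on, whereas a patched server typically answers 404 or 400 for the same request.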
For more information, you can refer to the Grafana blog post on this vulnerability.